Microsoft rushes to fix browser after attacks; no fix for XP users

BOSTON Mon Apr 28, 2014 10:51am IST

The Microsoft logo is seen at their offices in Bucharest March 20, 2013. REUTERS/Bogdan Cristel/Files

The Microsoft logo is seen at their offices in Bucharest March 20, 2013.

Credit: Reuters/Bogdan Cristel/Files

Stocks

   

BOSTON (Reuters) - Microsoft Corp is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.

PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the 13-year-old operating system earlier this month. Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.

Microsoft disclosed on Saturday its plans to fix the bug in an advisory to its customers posted on its security website, which it said is present in Internet Explorer versions 6 to 11. Those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.

Cybersecurity software maker FireEye Inc said that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.”

FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.

"It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors," FireEye spokesman Vitor De Souza said via email. "It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering."

He declined to elaborate, though he said one way to protect against them would be to switch to another browser.

Microsoft said in the advisory that the vulnerability could allow a hacker to take complete control of an affected system, then do things such as viewing changing, or deleting data, installing malicious programs, or creating accounts that would give hackers full user rights.

FireEye and Microsoft have not provided much information about the security flaw or the approach that hackers could use to figure out how to exploit it, said Aviv Raff, chief technology officer of cybersecurity firm Seculert.

Yet other groups of hackers are now racing to learn more about it so they can launch similar attacks before Microsoft prepares a security update, Raff said.

"Microsoft should move fast," he said. "This will snowball."

Still, he cautioned that Windows XP users will not benefit from that update since Microsoft has just halted support for that product.

The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of two most recently versions of its operating system, Windows 7 or 8.

(Reporting by Jim Finkle; Editing by Diane Craft)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
Cassandrina wrote:
Microsoft have a marvellous opportunity to make friend by servicing XP users with the repair patch.
Will they do it? Don’t hold your breath.
If they do not they have no morals.

Apr 28, 2014 10:42pm IST  --  Report as abuse
MU3tTAq7EIN wrote:
If free network system is not achieved, it’s terrorism.

Apr 28, 2014 3:19am IST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

APPLE

A shattered large glass panel, part of Apple's cube store on Fifth Avenue, damaged from the results of the snowstorm on Tuesday is seen in New York, January 22, 2014. REUTERS/Shannon Stapleton/Files

Apple e-book settlement gets court nod

Apple Inc won preliminary court approval for its $450 million settlement of claims it harmed consumers by conspiring with publishers to raise e-book prices. In approving the accord, U.S. District Judge overcame concerns she had expressed over a settlement provision allowing Apple to pay just $70 million if related litigation were to drag out.  Full Article 

Reuters Showcase

Patent Battles

Patent Battles

Microsoft sues Samsung in U.S. over patent royalties.  Full Article 

Facebook Back Up

Facebook Back Up

Facebook restores service after outage in many countries.  Full Article 

LinkdIn Growth

LinkdIn Growth

LinkedIn's hiring business seen key to growth  Full Article 

HP Settlement

HP Settlement

Hewlett-Packard to pay $32.5 million to settle USPS pricing case  Full Article 

Digital Teleporting

Digital Teleporting

Film world's cast of toys teleport into digital playground   Full Article 

China Hacking?

China Hacking?

Hacking attack in Canada bears signs of Chinese army unit - expert  Full Article 

P2i IPO

P2i IPO

Start-up behind 'dunkable' phone technology explores Asian IPO  Full Article 

BBM for Windows

BBM for Windows

BlackBerry opens up BBM to Windows phone users  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage